Re: Need security proposal for Win2K upgrade...
From: jmcguire@sbcs.comDate: 07/19/02
- Previous message: Frank Knobbe: "RE: write permissions for IIS"
- Maybe in reply to: William: "Need security proposal for Win2K upgrade..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: William <wiliam@rocketmail.com> From: jmcguire@sbcs.com Date: Thu, 18 Jul 2002 22:15:04 -0400
Anticipating that you have already read the MS reasons to upgrade, the
biggest security reason to upgrade to 2000 is support. MS will not release
another service pack for NT/IIS4. SP6a is two years old. There are quite a
few hotfixes and they can be dangerous/tedious to install. MS keeps making
noises about dropping support. The time frame actually looks pretty
generous (2003), but looming. I kind of wonder what they know are problems,
but aren't bothering with fixes unless the bug is published:-/
Can't tell you whether your existing servers can handle 2000, but if they
are more than three years old (or will be soon) they go out of warranty and
support from the manufacturer. Parts are hard to get if something breaks
and you have to take care of it yourself. This is also security related due
to data integrity and availability loss.
Win2k/AD upgrade in place really sucks in many situations. Admin load and
support costs can be pretty high. Besides, most networks are poorly planned
or at least the planning is thwarted over the course of several years. A
clean start is a great opportunity to clean up disjointed domains, remove
unnecessary data, reorganize folders, and fix permissions that have been
neglected.
Gotta admit, though, that I have let a few customers go over by 9 months
recently because their old systems were very stable and still performing
well for them.
There are a couple of MOC Instructor Led/Microsoft Press self study courses
that help prep you for this conversion. For AD design:
http://www.microsoft.com/traincert/syllabi/1561bfinal.asp
http://www.microsoft.com/mspress/books/4678.asp
For planning conversion (AD is the first step these are the other three:
http://www.microsoft.com/TRAINCERT/SYLLABI/2010aFINAL.ASP
http://www.microsoft.com/mspress/books/4839.asp
Here are a few very different examples of conversions we have done/prepped:
Keep in mind the cost of the operation you want to perform. We recently
estimated planning time using the steps in this courseware for a network
with 80 locations on a WAN, 2000 clients (already win2k), 10 servers plus
one at each site for 90 total at between 2,000 and 3,000 hours. A large
portion is inventorying hardware, software, peripheral resources, who uses
all of them, users, groups, and data ownership.
By the same token another much smaller customer (40 users, 2 servers) whose
network I am very familiar (built it) I am upgrading in place after adding
a processor and some RAM to each 1.5 year old servers as the planning was
taken into account when the new servers were built with NT4.
Third example is a non-profit with 13 locations, 300 clients and 25
servers. Most still NT4, The main site is on AD and some core servers
upgraded to 2000 as is Exchange, Nothing works optimally, but this
piecemeal, elongated upgrade path is all they can afford. You wouldn't
believe how rough this puppy was when I starting helping them out, but
we've been taking baby steps over the last couple of years to upgrade and
improve services. This process, however, will actually be more expensive
and painful in the long run.
Hope this helps.
__________________________________________
JOHN MCGUIRE CISSP, MCSE2k, MCSE+I, MCT
888.529.0401
jmcguire@sbcs.com
Strictly Business
www.sbcs.com
William
<wiliam@rocket To: focus-ms@securityfocus.com
mail.com> cc:
Subject: Need security proposal for Win2K upgrade...
07/18/2002
04:43 PM
Hello all,
We are trying to convince management that, even though the servers have
been stable on NT4, we need to upgrade all our machines to Win2K, with AD.
Have any of you put together a proposal for such, especially highlighting
increased security and centralized management features? What sources did
you
use for the security features?
Thank you,
William
-- William Underwood wllmundrwd@netscape.net__________________________________________________ Do You Yahoo!? Yahoo! Autos - Get free new car price quotes http://autos.yahoo.com
- Previous message: Frank Knobbe: "RE: write permissions for IIS"
- Maybe in reply to: William: "Need security proposal for Win2K upgrade..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
